to Open Profile for DICE
It is a very helpful reference profile. I have learned a great deal from it. Therefore, I would appreciate it if you could answer the following questions. Thank you.
Suppose we have the following layers: bootrom -> BL1 firmware -> BL2 firmware -> Linux. Do we need to implement the DiceMainFlow in each layer?
The expected final output of the DICE flow is a certificate chain (where each layer generates a CDI certificate for the next layer). This serves as evidence of the device's identity, crucial for building remote attestation. Should the verifier need to provision the initial certificate chain as the known good value? And when the verifier wants to attest the platform, how does the attester (target platform) collect the certificate chain? Additionally, layer N should know the certificate of the previous layer, so it needs to be stored somewhere.
For the intermediate parameters between layers, like CDI and cert, is there some recommended method that can be used to transfer them? Shared memory, storage?
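
The layering described in the post above, as an added example that is not part of the original message and is not Open Profile for DICE code: a simplified model in which every handoff (bootrom -> BL1 -> BL2 -> Linux) derives the next layer's CDI from the current CDI and a hash of the next image. The names `next_cdi`, `boot` and `cdi_id`, the HKDF parameters, the UDS value and the image bytes are all assumptions constructed for illustration; a real implementation would certify a key pair derived from each CDI rather than publish a fingerprint.

```python
import hashlib
import hmac

CDI_SIZE = 32

def hkdf_sha512(ikm, salt, info, length=CDI_SIZE):
    """HKDF (RFC 5869) with SHA-512; one expand block covers up to 64 bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha512).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha512).digest()[:length]

def next_cdi(current_cdi, next_image):
    """CDI handed to the next layer: bound to this layer's secret and to the
    measurement of the code that is about to run (simplified model)."""
    measurement = hashlib.sha512(next_image).digest()
    return hkdf_sha512(current_cdi, measurement, b"CDI_Attest")

def cdi_id(cdi):
    """Public fingerprint standing in for the key a CDI certificate would carry."""
    return hkdf_sha512(cdi, b"", b"ID", 8).hex()

def boot(uds, images):
    """Run one derivation per handoff; returns [(layer_name, cdi_id), ...]."""
    cdi, chain = uds, []
    for name, image in images:
        cdi = next_cdi(cdi, image)  # the previous CDI is dropped at each handoff
        chain.append((name, cdi_id(cdi)))
    return chain

# Constructed sample inputs: a device secret and three firmware images.
UDS = bytes(range(32))
GOOD = [("BL1", b"bl1-v1"), ("BL2", b"bl2-v1"), ("Linux", b"kernel-v1")]
TAMPERED = [("BL1", b"bl1-v1"), ("BL2", b"bl2-v1-modified"), ("Linux", b"kernel-v1")]

if __name__ == "__main__":
    for label, images in (("good", GOOD), ("tampered BL2", TAMPERED)):
        print(label)
        for name, ident in boot(UDS, images):
            print(f"  {name:5s} {ident}")
```

In this model a change to BL2 leaves the BL1 identity intact and changes the identity of BL2 and of every layer after it, even though the Linux image itself is unchanged.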